目录
虚拟机:
server {
listen 80;
listen [::]:80;
server_name book.gdtwzc.com;
set $host_path "/var/www/html/Supports/BookStack/public";
listen 443 ssl;
ssl_certificate /var/server-auths/certs/$server_name/fullchain.crt;
ssl_certificate_key /var/server-auths/certs/$server_name/the.key;
access_log /var/log/nginx/book.log main;
error_log /var/log/nginx/book.error.log;
charset utf-8;
root $host_path;
index index.html index.htm index.php;
location /.well-known/acme-challenge/ {
alias $host_path/.well-known/acme-challenge/;
try_files $uri =404;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_pass php8:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
#include agent_deny.def;
}
微服务转发:
server {
listen 80;
listen [::]:80;
server_name ai-chat01.gdtwzc.com;
#if ($host != 'ai-chat01.gdtwzc.com') {
# rewrite ^/(.*)$ https://ai-chat01.gdtwzc.com/$1 permanent;
#}
listen 443 ssl;
ssl_certificate /var/server-auths/certs/$server_name/fullchain.crt;
ssl_certificate_key /var/server-auths/certs/$server_name/the.key;
#large_client_header_buffers 4 32k;
access_log /var/log/nginx/ai-chat01.gdtwzc.com.log main;
error_log /var/log/nginx/ai-chat01.gdtwzc.com.error.log;
charset utf-8;
location /.well-known/acme-challenge/ {
alias /var/www/html/Research/one-api/.well-known/acme-challenge/;
try_files $uri =404;
}
location / {
auth_basic "Authorize Site";
auth_basic_user_file /var/server-auths/htpasswd;
proxy_pass http://172.17.0.149:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#include agent_deny.def;
}
资源跨域:
法一:CORS(Cross-Origin Resource Sharing) 服务器支持
location / {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
}法二:服务器代理访问
server {
#nginx监听所有localhost:8080端口收到的请求
listen 8080;
server_name localhost;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
#localhost:8080 会被转发到这里
#同时, 后端程序会接收到 "192.168.25.20:8088"这样的请求url
location / {
proxy_pass http://192.168.25.20:8088;
}
#localhost:8080/api/ 会被转发到这里
#同时, 后端程序会接收到 "192.168.25.20:9000/api/"这样的请求url
location /api/ {
proxy_pass http://192.168.25.20:9000;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}限流设置:
编辑 nginx.conf
http {
limit_rate 250k; # 单个请求带宽
limit_conn_zone $binary_remote_addr zone=addr:10m; # 连接限制域
limit_req_zone $binary_remote_addr zone=one:10m rate=20r/s; # 单个ip请求限制速率
...编辑 虚拟机文件 uat.conf
location ~ \.php$ {
#limit
limit_conn addr 50; #单ip限制50个connections
limit_req zone=one burst=5; # 应用请求限制
...参考:
- Module ngx_http_limit_conn_module
- Nginx限流模块limit_req_zone死磕之路 - Darren-Blog
- Nginx访问限制模块limit_conn_zone 和limit_req_zone配置使用 - PengYunjing - 博客园
294
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
